@ddstreet, unfortunately, even with 245.4-4ubuntu3.8 on Focal, the mtime
keeps changing as RAs are received :/
** Tags removed: verification-needed-focal
** Tags added: verification-failed-focal
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
I no longer have access to the affected machine(s) so I'll mark it as
incomplete waiting for an ex-colleague to check if the problem still
occurs.
** Changed in: systemd (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch
Verification procedure on Focal:
$ lxc launch focal lp1902236-f
Creating lp1902236-f
Starting lp1902236-f
$ lxc exec lp1902236-f bash
root@lp1902236-f:~# getent passwd | grep root
root:x:0:0:root:/root:/bin/bash
root:x:0:0:root:/root:/bin/sh
root@lp1902236-f:~# getent passwd | grep nobody
*** This bug is a duplicate of bug 1913187 ***
https://bugs.launchpad.net/bugs/1913187
** This bug has been marked a duplicate of bug 1913187
iproute2 segfaults when filtering sockets
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
However, lxd seems to deal with /sys/kernel/debug itself by mounting it
unconditionally, irrespective of what systemd would do.
This was tested by running `systemctl mask sys-kernel-debug.mount` in a
container and seeing /sys/kernel/debug being mounted nevertheless.
--
You received this bug
Public bug reported:
On modern Ubuntu systems, /sys/kernel/debug is mounted by default due to
sys-kernel-debug.mount being enabled by default.
AFAIK, this FS doesn't need to be mounted for normal operations and back
in the day, there were concerns about the security implications of
having it
Public bug reported:
* Summary
systemd's NSS integration causes getent passwd/group to return
duplicated entries for root/root and nobody/nogroup. The root account
also gets a different shell (/bin/sh instead of /bin/bash).
* Steps to reproduce:
1) create a container
$ lxc launch
** Description changed:
+ [Steps to reproduce]
+
+ 1) launch a focal container
+ $ lxc launch images:ubuntu/focal focal-1897561
+ 2) enter the container
+ $ lxc shell focal-1897561
+ 3) install libnginx-mod-http-perl
+ # apt-get install -y nginx-core libnginx-mod-http-perl
+ 4) check nginx
strace'ing systemd-resolved showed that files under
/run/systemd/netif/links/ are re-created as well when a RA comes in but
their content never changes yet the stub-resolv.conf is created over and
over:
root@lxd02:~# cat /run/systemd/netif/links/*
/run/systemd/resolve/stub-resolv.conf | md5sum;
Public bug reported:
# Issue description:
On 2 Linode VMs that are used as lxd hosts, we noticed that
/run/systemd/resolve/*resolv.conf were re-created quite frequently (~
once per second). We noticed because of the log noise from lxd's dnsmasq
instance using inotify to watch the target of
[Test Case]
$ lxc launch ubuntu:20.04/amd64 sudo-sru-lp1857036-test
$ lxc shell sudo-sru-lp1857036-test
Reproduce the problem
root@sudo-sru-lp1857036-test:~# sudo true
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
Enable -proposed and update
root@sudo-sru-lp1857036-test:~# apt install
Thanks Bryce for the PPA. I can confirm it does work:
# reproduce the problem:
root@sudo-sru-lp1857036-test:~# sudo true
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
# get the fix from the PPA:
root@sudo-sru-lp1857036-test:~# apt-add-repository -yus
*** This bug is a duplicate of bug 1857036 ***
https://bugs.launchpad.net/bugs/1857036
** This bug has been marked a duplicate of bug 1857036
`sudo --login --user USERNAME` throws `setrlimit(RLIMIT_CORE): Operation not
permitted` error when run inside a container.
--
You received this
*** This bug is a duplicate of bug 1857036 ***
https://bugs.launchpad.net/bugs/1857036
** This bug has been marked a duplicate of bug 1857036
`sudo --login --user USERNAME` throws `setrlimit(RLIMIT_CORE): Operation not
permitted` error when run inside a container.
--
You received this
Reproducing the issue *before* the patch:
root@foo:~# dpkg -l| grep -wF ' systemd '
ii systemd 245.4-4ubuntu3.1 amd64system
and service manager
root@foo:~# systemctl status test.service
● test.service - Test Truncate
Loaded: loaded
A SRU to Focal would be greatly appreciated as dehydrated (Let's Encrypt
client) is also affected, probably because it's in essence just a bash
script. Here are the logs where it seems to indicate the certificate
doesn't need to to be renewed just yet:
Jun 25 00:26:10 rproxy dehydrated[21256]: +
@Christian,
https://code.launchpad.net/~sdeziel/ubuntu/+source/rsyslog/+git/rsyslog/+merge/382345
was a 'drive-by' merge proposal not associated with any LP (is that
OK?). As such, I don't consider it related to this bug which can be
closed now AFAICT.
--
You received this bug notification
On 2020-06-02 8:50 p.m., Chris Halse Rogers wrote:
> You don't *have* to include the full output of the test cases when
> verifying a bug (although, depending on how much output there is, it can
> be nice).
OK, good, thanks for clarifying!
> I don't think it was clear that you *had* gone through
@Brian, I did go through the full test case when marking it as verified
in comment #20.
Do I really need to repeat the full test case when verifying a bug?
$ lxc launch images:ubuntu/focal fb1
$ lxc exec fb1 -- apt update && lxc exec fb1 -- apt install apparmor -y
$ lxc exec fb1 -- apt install
** Tags removed: verification-needed verification-needed-focal
** Tags added: verification-done verification-done-focal
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
On 2020-05-25 4:17 a.m., Łukasz Zemczak wrote:
> This is fine right now, but please be sure to be a bit more verbose
> about what kind of testing has been performed on the selected package!
I went through the [test case] steps before and after the -proposed
update. Should I simply explicitly
On Focal, I can confirm the bug and the fix from 245.4-4ubuntu3.1
(focal-proposed). Thanks for working on this!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1860926
After pulling apparmor 2.13.3-7ubuntu5.1 from focal-proposed:
Get:18 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 apparmor
amd64 2.13.3-7ubuntu5.1 [494 kB]
...
Unpacking apparmor (2.13.3-7ubuntu5.1) over (2.13.3-7ubuntu5) ...
Setting up libapparmor1:amd64 (2.13.3-7ubuntu5.1) ...
To save you some work, I'll be happy to do the verification as soon as
something lands in focal-proposed. Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1872564
It tested fine with 237-3ubuntu10.41:
(Reading database ... 54686 files and directories currently installed.)
Preparing to unpack libnss-systemd_237-3ubuntu10.41_amd64.deb ...
Unpacking libnss-systemd:amd64 (237-3ubuntu10.41) over (237-3ubuntu10.40) ...
Preparing to unpack
@ddstreet, PersistentKeepalive is not needed as you'll see in the steps
to reproduce.
** Description changed:
[impact]
systemd-networkd uses incorrect netlink attribute length for wireguard's
persistent keepalive interval, which logs error messages from the
kernel, and may incorrectly
Steps to reproduce:
lxc launch images:ubuntu/bionic --vm -c security.secureboot=false foo
sleep 10 # allow booting
lxc exec foo -- apt install -y software-properties-common
lxc exec foo -- add-apt-repository -y ppa:wireguard/wireguard
lxc exec foo -- apt install -y wireguard-tools
cat << EOF |
Here is a strace of systemd-networkd when it was consuming 100% CPU:
https://paste.ubuntu.com/p/2XwxWwW99q/
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1877159
Title:
The missing rule for boot_id was added to Apparmor 2.13
(https://gitlab.com/apparmor/apparmor/-/blob/apparmor-2.13/profiles/apparmor.d/abstractions/nameservice#L35)
and was later refined in the master branch. As such, marking as fix
committed.
** Changed in: apparmor (Ubuntu)
Status: New
On 2020-05-06 2:49 p.m., Andreas Hasenack wrote:
> There are many alternatives here.
IIRC, `chmod -x` snippets from /etc/update-motd.d/ was the way to go a
few releases ago when it was consumed by run-parts.
> I think fixing this doesn't warrant an SRU, but should be considered for
> the devel
Public bug reported:
This morning, our 2 Bionic machine configured with the wireguard's PPA
and using systemd-networkd to configure the wireguard tunnel started
misbehaving. Why this started just now is unclear ATM but their dmesg
was filled with this:
validate_nla: 100 callbacks suppressed
squid in focal is indeed another package that triggers that denial but
it is non fatal there as mentioned by Andreas.
@ahasenack, with 4.11, squid's systemd unit moved from Type=forking to
Type=notify and with the error you showed, I would expect you to see a
denial trying to write to
`snap info lxd` says:
installed: 4.0.1 (14890) 72MB -
And indeed, there is a tmpfs mounted there:
root@bind:~# mount | grep boot
none on /proc/sys/kernel/random/boot_id type tmpfs
(ro,nosuid,nodev,noexec,relatime,size=492k,mode=755,uid=1524288,gid=1524288)
That said,
On a stock install, adding "Port 7722" to /etc/ssh/sshd_config and
restarting sshd gives me this:
# ss -nltp | grep sshd
LISTEN0 128 0.0.0.0:77220.0.0.0:*
users:(("sshd",pid=10651,fd=3))
LISTEN0 128 [::]:7722
@Adriaan, are there really 2 sshd running? Or is it only one binding to
the 2 ports and applying different parameter using Match conditions?
Beware what on 20.04, there is support for additional config snippets
dropped in /etc/ssh/sshd_config.d/*.conf.
To check for 2 daemons:
sudo ss -nltp |
Public bug reported:
Description:
motd-news complains that curl is missing on every run. motd-news.timer
firing every ~12 hours, this useless message ends up in the logs
regularly.
Steps to reproduce:
$ lxc launch images:ubuntu/focal motd
Creating motd
Starting motd
$ lxc exec motd --
Scratch that. Using 'owner' on a root-owned but world readable file is
probably ill-advised in an abstraction. It seems plausible for an
application to do NSS lookup for user/group while running as non-root.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
On all my machines and using various daemons, the denial messages always
have fsuid==ouid. As such, I believe it would be OK to use the 'owner'
specifier like this:
owner @{PROC}/sys/kernel/random/boot_id r,
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
The 1st SRU for Bionic failed because I typo'ed the path to the binary (rsyslog
!= rsyslogd).
Focal is fixed and Bionic is left with a 'bad' package in bionic-proposed. I
don't think redoing the SRU for Bionic is worth it, it's a default *disabled*
profile after all.
I'd leave things as is or
Oops, it should have been LOW, not LEGACY. Here it is again to avoid any
confusion:
As a workaround, can you try lowering the profile from MEDIUM [1] to LOW
[2]:
sudo mkdir /etc/gnutls
cat << EOF | sudo tee -a /etc/gnutls/config
[overrides]
default-priority-string =
*** This bug is a duplicate of bug 1872778 ***
https://bugs.launchpad.net/bugs/1872778
As a workaround, can you try lowering the profile from MEDIUM [1] to LOW
[2]:
sudo mkdir /etc/gnutls
cat << EOF | sudo tee -a /etc/gnutls/config
[overrides]
default-priority-string =
As a workaround, can you try lowering the profile from MEDIUM [1] to
LEGACY:
sudo mkdir /etc/gnutls
cat << EOF | sudo tee -a /etc/gnutls/config
[overrides]
default-priority-string =
NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-DTLS1.2:%PROFILE_LEGACY
EOF
1:
** This bug is no longer a duplicate of bug 1872778
update-crypto-policies not affecting Gnome Online Accounts
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnome-online-accounts in
Ubuntu.
On 2020-04-11 9:04 p.m., Simon Déziel wrote:
> On 2020-04-10 1:16 p.m., Jamie Strandboge wrote:
>> The abstraction is meant to cover the client, not systemd internal
>> specifics. A client simply accessing that DBus API won't need it and a
>> client simply accessing tho
Public bug reported:
# Description
On a default Focal install, systemd is used when looking up passwd and
group information:
# grep systemd /etc/nsswitch.conf
passwd: files systemd
group: files systemd
Daemons confined by Apparmor that also query those "databases" will
cause
On 2020-04-10 1:16 p.m., Jamie Strandboge wrote:
> The abstraction is meant to cover the client, not systemd internal
> specifics. A client simply accessing that DBus API won't need it and a
> client simply accessing those sockets won't need it. It very well might
> be that a profiled application
@jdstrand, asked in #systemd about @{PROC}/sys/kernel/random/boot_id and
didn't get much information back. That said,
https://github.com/systemd/systemd/blob/master/docs/RANDOM_SEEDS.md
#systemds-use-of-random-numbers says:
> At various places systemd needs random bytes for temporary file name
@narchetic, I did not notice any slowdown during shutdown but those
servers are headless and I didn't time their reboot.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lvm2 in Ubuntu.
https://bugs.launchpad.net/bugs/1863919
As mentioned in LP: #1796911 by xnox, some abstractions should be
augmented with the corresponding dbus rules. Support for userdb should
also be added IMHO.
Here are the rules that were needed in my tests on an up to date Focal:
# systemd DynamicUser
/run/systemd/userdb/ r,
Public bug reported:
systemd offers to create dynamic (and semi-stable) users for services.
This causes many services using Apparmor profiles to trigger those
denials (even when they don't use the DynamicUser feature):
audit: type=1107 audit(1585076282.591:30): pid=621 uid=103
auid=4294967295
I'm happy to report that apt version 2.0.0 fixed this bug, thanks!
$ apt-cache policy apt
apt:
Installed: 2.0.0
Candidate: 2.0.0
Version table:
*** 2.0.0 500
500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
100 /var/lib/dpkg/status
** Changed in: apt (Ubuntu)
Public bug reported:
In Focal, running 'apt update' result in the following messages being
logged:
Mar 20 15:24:12 fa1 http[3392]: Libgcrypt warning: missing initialization -
please fix the application
Mar 20 15:24:12 fa1 http[3393]: Libgcrypt warning: missing initialization -
please fix the
Public bug reported:
# Steps to reproduce:
$ lxc launch images:ubuntu/focal fa1
$ lxc shell fa1
root@fa1:~# echo 'APT::Sandbox::Seccomp "true";' >
/etc/apt/apt.conf.d/01apt-seccomp
root@fa1:~# rm /var/lib/apt/lists/*Release # makes sure we fetch stuff from
the network
root@fa1:~# apt-get
Public bug reported:
Since lvm2 was updated to 2.02.176-4.1ubuntu3.18.04.2 on Bionic (LP:
#1854981), we notice that some of our machines have lingering pvscan
processes apparently running from the initramfs's root that
persist/never finish/exit.
On the affected servers, this is visible as there
The version in focal-proposed works well, thanks Christian! I hadn't
anticipated the additional roadblocks so I really appreciate you pushing
it forward nevertheless!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in
On 2019-12-11 12:33 p.m., Rafael David Tinoco wrote:
> For openvpn + systemd-resolve:
>
> With "up / down" openvpn config file commands you can wrap "systemd-
> resolve --set-dns=XXX" and update the given DNS servers.
There's a package for that: openvpn-systemd-resolved
--
You received this
On 2019-12-11 12:33 p.m., Rafael David Tinoco wrote:
> For openvpn + systemd-resolve:
>
> With "up / down" openvpn config file commands you can wrap "systemd-
> resolve --set-dns=XXX" and update the given DNS servers.
There's a package for that: openvpn-systemd-resolved
--
You received this
> For openvpn + systemd-resolve:
>
> With "up / down" openvpn config file commands you can wrap "systemd-
> resolve --set-dns=XXX" and update the given DNS servers.
There's a package for that: openvpn-systemd-resolved
--
You received this bug notification because you are a member of Ubuntu
fw01/02 have bond0.21 that is setup to have fe80::1 as the VIP used as
the network gateway:
root@fw01:~# ip -6 a show bond0.21
8: bond0.21@bond0: mtu 1500 state UP qlen 1000
inet6 2620:a:b:21::2/64 scope global
valid_lft forever preferred_lft forever
inet6
I feel really bad now :/
The initial commit that went in doesn't even fix the problem due to a
typo/confusion. The proposed manual workaround was OK but the merge
proposal was not.
"/usr/sbin/rsyslog mr," != "/usr/sbin/rsyslogd mr,"
I'm failing the verification and have proposed a new MP.
Thanks Łukasz and Christian. I find the block-proposed-* tags idea
interesting if that's not too much work on your side.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
I'm hitting the same problem when using a Bionic host with a Bionic
container when using the 5.0 HWE kernel.
@paelzer, I'd appreciate if this could be SRU'ed to Bionic, please :)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed
Yeah, this GetDynamicUsers denial is probably unrelated and should/will
be addressed in another bug. Thanks for double checking the alias trick!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
On 2019-07-03 10:47 a.m., Christian Ehrhardt wrote:
> I feel bad that this hung around so log, but today I saw it and gave it a
> review.
> This is building in Eoan now.
No worries for the delay, I know where to find you if something more
critical is taking too long to my taste ;) Thank you
@xnox, thanks it was indeed an error on my part. The key was to have
openssl_conf in the default/unnamed section and then not introduce bogus
values: Ciphers is not recognized and causes the config section to be
ignored.
I believe this bug could be marked as Invalid for all the releases but
I'll
In my tests, I used NGINX with those TLS related params:
# grep -r ssl_ /etc/nginx/nginx.conf /etc/nginx/conf.d/
/etc/nginx/sites-enabled/
/etc/nginx/nginx.conf: ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3,
ref: POODLE
/etc/nginx/nginx.conf: ssl_prefer_server_ciphers on;
Public bug reported:
[Description]
Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications
gained access to TLS 1.3 by default. The applications that were not
rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings (protocol,
ciphersuites selection, ciphersuites order) like
Public bug reported:
Issue description:
Enabling the rsyslog (disabled by default) Apparmor profile causes
rsyslog to fail to start when running *inside a container*.
Steps to reproduce:
1) Create a 'eoan' container called rs1 here:
lxc launch ubuntu-daily:e rs1
2) Enter the container
lxc
systemd from Cosmic is not affected by this bug:
# apt-cache policy systemd
systemd:
Installed: 239-7ubuntu10.3
Candidate: 239-7ubuntu10.3
Version table:
*** 239-7ubuntu10.3 500
500 http://archive.ubuntu.com/ubuntu cosmic-updates/main amd64 Packages
500
Public bug reported:
update-motd(5) says:
Executable scripts in /etc/update-motd.d/* are executed by pam_motd(8) as the
root user at each
login, and this information is concatenated in /run/motd.dynamic. The order
of script execu‐
tion is determined by the run-parts(8) --lsbsysinit
A possible fix would be to make the unit execution conditional to the
update-motd fragment being executable:
[Unit]
ConditionFileIsExecutable=/etc/update-motd.d/50-motd-news
I'm not sure if this should be added to motd-news.service, motd-
news.timer or both.
** Description changed:
Sorry, it should have read "After=network-online.target".
https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/#cutthecraphowdoimakesurethatmyservicestartsafterthenetworkisreallyonline
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
@Rodman, as a workaround, maybe you could try to add an "After=systemd-
networkd-wait-online.service" clause in a drop-in snippet?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
Public bug reported:
The gateways/firewalls in our DC are highly available and when there is
a failover their IPv6 VIP (fe80::1) moves from the master to the backup
one.
We found that only our Bionic VMs behind those gateways had issues after
a failover. Those Bionic VMs were all running
The bug is fixed in Bionic.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1427807
Title:
usermod's man refers to --*-sub-uids but accepts only --*-subuids
Status in
This is fixed in Debian since 4.16.0-4 at least.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iproute2 in Ubuntu.
https://bugs.launchpad.net/bugs/1787396
Title:
ss crashes when using --no-header
Status in iproute2
This also happens on Cosmic that has the same version of ss/iproute2:
# apt-cache policy iproute2
iproute2:
Installed: 4.15.0-2ubuntu1
Candidate: 4.15.0-2ubuntu1
Version table:
*** 4.15.0-2ubuntu1 500
500 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
100
Public bug reported:
Steps to reproduce:
1) Listen on port 8989:
$ nc -l 8989 &
2) Check that ss can list this listener:
$ ss --no-header -nto state listening 'sport = 8989'
010.0.0.0:8989 0.0.0.0:*
3) Ask ss to list listeners on a port where nothing
** Description changed:
Zesty and later (LP: #1363482) are no longer shipping with 1024D keys
but older LTS releases (Trusty/Xenial) still trust those weak keys:
$ lsb_release -sc
xenial
$ apt-key list
/etc/apt/trusted.gpg
pub 1024D/437D05B5 2004-09-12
*** This bug is a security vulnerability ***
Public security bug reported:
Zesty and later (LP: #1363482) are no longer shipping with 1024D keys
but older LTS releases (Trusty/Xenial) still trust those weak keys:
$ lsb_release -sc
xenial
$ apt-key list
/etc/apt/trusted.gpg
I looked at the patch (didn't test it) and I think the fprintf call is
missing an argument to format as a string. It should read like this
IMHO:
- fprintf(mail, "From: root (Cron Daemon)\n");
+ fprintf(mail, "From: %s\n", mailfrom);
--
You received this bug notification because you
It's already mentioned in the NEWS file but for those who would like to
test the seccomp sanbox, all that's needed is:
APT::Sandbox::Seccomp "true";
Thanks Julian
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in
Public bug reported:
From
https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1749931/comments/4:
[2794367.925181] apparmor="DENIED" operation="open"
profile="/usr/sbin/unbound" name="/var/lib/sss/mc/initgroups" pid=5111
comm="unbound" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
The
Public bug reported:
Ubuntu's cron version doesn't support setting MAILFROM to set the
"From:" header of cron generated emails. This feature would be nice to
have and bring parity with RHEL/CentOS which has it since RHEL 6:
$ cat /etc/redhat-release
CentOS release 6.6 (Final)
$ man 5 crontab |
Xenial ships 1.5.6-2 so marking as fix released.
** Changed in: xmltooling (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
On a hypervisor, binding on link local IPs is undesirable IMHO and
that's why I always added a similar ignore to the one you proposed. That
said, NTP works well over link local addresses so some folks are
probably using it.
--
You received this bug notification because you are a member of Ubuntu
Hello Christian,
On 2017-12-11 10:36 AM, ChristianEhrhardt wrote:
> Hi Simon,
> we are currently shuffling around responsibilities for iproute so extra
> latencies might occur :-/.
I have no urgent need for this. I was simply experimenting with an
IPv6-only lab.
> 2. the Xenial kernel has this
Public bug reported:
[Impact]
Xenial users are unable to create vti6 tunnels.
[Test case]
1) Create a vti6 tunnel
sudo ip tunnel add vti0 mode vti6 local :: remote fdd6:bdb4:5614::2 key 54
2) No error should be displayed and "ip link" should show a new device named
"vti0"
The ip tunnel call
Thanks for the patch Christian, I relayed it in https://bugs.debian.org
/cgi-bin/bugreport.cgi?bug=882556
** Bug watch added: Debian Bug tracker #882556
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882556
--
You received this bug notification because you are a member of Ubuntu
Touch
A possible workaround would be to add "Restart=on-failure" in the
"[Service]" section of the systemd unit.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1689833
Title:
Maybe a fallback mechanism would be needed? Something like this:
/usr/bin/evince (Px, Cxr -> sanitized_helper),
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1042771
Since Evince ships with an Apparmor profile on its own, I think the
following fix makes sense:
$ diff -Naur abstractions/ubuntu-browsers.d/productivity{.orig,}
--- abstractions/ubuntu-browsers.d/productivity.orig2017-10-26
15:34:03.374102924 -0400
+++
I see the NM one passes now, thanks for retrying it. The aria2 armhf
problem reliably fails though. I guess I'll have to setup a QEMU VM for
that arch and manually run the test to see what's going on.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
@juliank, thanks for the update. I wasn't aware of the autopkgtest
failing for some reverse dependencies. Any pointers to those? I'm
determined to see this one though, but on Monday ;)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
The Xenial fix is identical to what went in Artful and Zesty so it
shouldn't be subject to any more review.
The review was requested to check if the different fix proposed for
Trusty was OK.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
It's been a while since the Xenial -proposed package have been
successfully validated. Is there anything preventing it from entering
-updates?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnutls26 in Ubuntu.
** Bug watch added: Debian Bug tracker #865770
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865770
** Also affects: openssh (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865770
Importance: Unknown
Status: Unknown
--
You received this bug notification
On Truty with 2.12.23-12ubuntu2.9, the sSMTP client would abort the
StartTLS connection complaining it didn't support the signature
algorithm in use.
When validating I used a mail relay with a RSA-SHA256 cert signed by
CAcert.org. CAcert.org is (self-signed) RSA-MD5. It turned out that
Trusty
The trusty-proposed version (2.12.23-12ubuntu2.9) doesn't work and
introduces a regression preventing successful TLS/SSL connections. I'll
check if there is an easy fix for gnutls26.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
Verified on Zesty with:
$ apt-cache policy libgnutls-openssl27:amd64
libgnutls-openssl27:
Installed: 3.5.6-4ubuntu4.2
Candidate: 3.5.6-4ubuntu4.2
Version table:
*** 3.5.6-4ubuntu4.2 500
500 http://archive.ubuntu.com/ubuntu zesty-proposed/main amd64 Packages
100
101 - 200 of 339 matches
Mail list logo